Ben Grubb and Clancy Yeates report: The private details of almost 100,000 Australian bank customers have been exposed in a cyber attack on the real-time payments platform PayID, which allows the instant transfer of money between banks using either a mobile number or email address. The attack on Westpac, which also affects customers from other…
Ca: Weight Loss Grants posts customer health information without consent
Sean O’Shea reports: A company that promised to pay customers for losing weight has posted personal information about clients, including their names, weights, weight loss goals and even facial photographs on its website. Weight Loss Grants revealed the personal information without clients’ consent after news reports described how the organization failed to make payments to…
Report: Theta360 Leak Potentially Exposed Millions of Users’ Public and Private Photographs
VPNMentor reports that their research team has discovered that Theta360 inadvertently left users’ photos — even those intended to be private — exposed. The leak exposed at least 11 million public and private photographs. The data breach exposed thousands of users’ photos, many of whom chose to keep their images private. The breach did not expose…
Update on American Medical Collection Agency breach: Almost 12 million Quest Diagnostic patients impacted
On May 10, DataBreaches.net broke the story of a medical collection agency breach involving American Medical Collection Agency. The breach had been discovered by Gemini Advisory, who informed this site that they had found approximately 200,000 patients’ payment card info for sale on a well-known marketplace. The cards had apparently been compromised between September, 2018…
Health Quest phishing incident in 2018 results in notification to patients, but why such a long delay?
Today’s Poughkeepsie Journal has a news story about a phishing incident that appears to have been discovered in July, 2018 that affected an unspecified number of Health Quest patients. From the available information, it sounds like Health Quest first discovered email attachments in January, 2019, and then it took them until April 2, 2019 to…
NY: Broome County security breach put employees’ and clients’ personal information at risk
Katie Sullivan Borrelli reports: Broome County says an unauthorized individual may have had access to the personal information of county employees and individuals who receive the county’s care, including their Social Security numbers, medical records and bank account information. In a news release sent on its behalf by Mullen Coughlin LLC, of Wayne, Pennsylvania, the…